Allegedly, on or about 6 February 2018, Bob Goodwin sent: > Thoughts and advice appreciated, Oh, and check the security of the cameras, themselves. There's a huge number of IP cams with insecure software that, not only exposes the camera to exploits, but your LAN to exploits through the camera. I bought a cheap $30 one, on a whim, just to see how the robot mechanism worked. It's one that should never be allowed anywhere near internet access. It logs into a central server so you can connect to your camera. That exposes you to rogues who poll the server. And the camera is easily exploitable with a broken HTTP access request, which returns the passwords set into the camera. From there, they can write into the camera, and may be able to exploit your LAN (especially if you're silly enough to use the same passwords). http://seclists.org/fulldisclosure/2017/Mar/23 https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html The problem is created by a stupid implementation of a simplistic webserver in the cameras. -- [tim@localhost ~]$ uname -rsvp Linux 4.14.14-200.fc26.x86_64 #1 SMP Fri Jan 19 13:27:06 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. It seems the modern trend with Linux programmers is to change existing software so that it's more annoying to use (e.g. making reboots required, when they never used to be), then denying that *that* is a nuisance, then saying it's necessary (ignoring that several years of prior versions didn't have that stupid requirement), then complaining about being criticised for making things worse. Don't try giving me an Emperor's New Clothes routine, it won't wash. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
